The use of mobile communications devices enables users to access a number of services as they are moving from one location to another. For example, a user may come into proximity of various wireless networks or domains when moving locations. Each network may offer a number of services to the user. In order to access these services, the user may have to login to the network using a registered user identity. This registered user identity may be used by the service provider to authenticate the user to allow the user to access its services.
If the user wants to access services in another network or domain, the user may be forced to perform another registration. If the user attempts to use the user identity that has been registered in another domain, they may receive an error message. Thus, the user may be forced to register separately with each network in which the user wishes to access services from a service provider. This may require the user to remember many different registered identities. Alternatively, the user may register the same, or similar, identity in each network to avoid having to remember each of the different registered identities. This may present security concerns as an attacker may acquire the identity for one network and, as a result, have access to other networks in which the user has used this same identity.
Some service providers may implement OpenID to address some of these concerns. However, even in OpenID a client may belong to a domain which is defined by its discovery and trust relationships with the domain entities. The client may not be able to login with a relying party (RP) that belongs to another identity domain, because this RP does not have a trust relationship with the authentication entities in the source domain, and thus may not trust authentication from the client.